Summary: | net-www/awstats ShowInfoURL Remote Command Execution Vulnerability (CAN-2005-1527) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | frederic.mangeant, ka0ttic, rockoo, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false | ||
Whiteboard: | B1? [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-08-11 11:09:47 UTC
web-apps please advise and bump as necessary.

6.5 in cvs, x86 stable. ppc when you stable, if you can, please remove the vulnerable ebuilds (6.3-r2 and 6.4). Thanks.

In fact this could be considered B2 as it's a passive attack. But since logs generation is often automatized... I don't know :)

Stable on ppc.

GLSA 200508-07

Hi, it looks like AWStats 6.5 is not out yet, I've just received this from the author: "AWStats 6.5 Beta is ready. This new version is not ready for a production use. It is just a beta release. AWStats 6.5 beta contains bug fixes and new features"

Yes, this is quite confusing. Apparently upstream uses the same versioning for alphas, betas and releases... ka0ttic, comments?

If he doesn't want it used in production then he needs to push the security updates to a stable release. This is ridiculous IMO.